package com.woniuxy.education.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class OrFilter extends AuthorizationFilter {
    //返回值为true表示能够访问,返回false不能访问
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object o) throws Exception {
        //1.获取subject
        Subject currentUser=getSubject(request,response);

        //获取到过滤器中设置的角色信息
        String[] roles=(String[]) o;

        //3.判断
        if(roles!=null && roles.length>0){
            for (String role : roles) {
                if(currentUser.hasRole(role)){
                    return  true;
                }
            }
        }
        return true;
    }
}
